Privacy policy

Table of content:

  1. WHAT IS THE PURPOSE OF THIS INFORMATION?
  2. DATA MANAGER'S INFORMATION
  3. WHAT DATA MANAGEMENT PROCESSES ARE CARRIED OUT ON THE WEBSITE?
  4. WHAT RIGHTS DO USERS HAVE?
  5. PROCEDURES RELATING TO A REQUEST FOR THE EXERCISE OF RIGHT
  6. POTENTIAL RECIPIENTS OF PERSONAL DATA, DATA PROCESSORS
  7. DATA SECURITY
  8. COOKIES
  9. OTHER PROVISIONS
  10. ANNEXES
  1. What is the purpose of this information?

We accept this Prospectus for the purpose of providing all relevant information and information to the representatives of natural and legal persons using our services (hereinafter: Users) in a concise, transparent, comprehensible and easily accessible form, in clear and comprehensible terms, and to assist the Clients in the exercise of their rights under point 4.

Our information obligation is based on Regulation (EU) 2016/679 of the European Parliament and of the Council applicable from 25 May 2018. Article 12 of Decree No. CXII of 2011 (hereinafter: GDPR) on the right to self-determination and freedom of information. (hereinafter: Infotv.), and Act CVIII of 2001 on certain issues of electronic commerce services and services related to the information society. § 4 of the Act (Elkertv.).

The Prospectus has been prepared taking into account the GDPR, the Information Act and other relevant legislation relevant to individual data processing. The legislation is listed in Annex 1 of the Prospectus and the most important terms are described in Annex 2.

In developing and applying this prospectus, we have acted in accordance with the findings of the Recommendation to the National Data Protection and Freedom of Information Authority on prior data protection requirements and Article 5 of the GDPR, in particular the principle of accountability in Article 5 (2).

  1. Data manager's information

Name:           Zeitler Photo

Website: https://zeitlerphoto.hu

E-mail:  info@zeitlerphoto.hu

Phone number: +36 20/365 44 49

  1. What data management processes take place on the Website?

In this section, we detail the relevant circumstances for each data controller that the GDPR and other sectoral legislation expects of all data controllers.

3.1 Data management related to newsletter sending

In order to provide visitors to our Website with up-to-date information, it is possible to subscribe to our newsletter. The following information applies to this data management:

3.1.1. Purpose of the personal data processed and data management

purpose of personal data processing

name - by entering this we can address the User in our newsletter

e-mail address - by entering this we get to know the User's electronic contact, where we can send our newsletter

3.1.2. Legal basis for data management

User's consent (Article 6 (1) (a) of the GDPR) and Section XLVIII of 2008 on the basic conditions and certain restrictions of commercial advertising. Act (hereinafter: Grt.) § 6 (1)).

3.1.3. Duration of data management

The personal data provided will be processed until the consent is withdrawn. The User may withdraw his consent at any time by clicking on the "Unsubscribe" button in the sent letter.

3.1.4. Method of data management

In electronic form.

3.2. Contact data management

You can contact us through our website for any purpose. Details of the related data management are shown below.

3.2.1. Purpose of the personal data processed and data management

purpose of personal data processing

name - User identification

e-mail address - contact the User

telephone number - contact the User

 3.2.2. Legal basis for data management

Statutory data management; Subject to Article 6 (1) (c) and (2) of the GDPR, Info tv. Section 5 (1) b) and the Elkertv. 13 / A. § (1) and (3).

3.2.3. Duration of data management

For 1 year after contact.

3.2.4. Method of data management

In electronic form.

3.3. Data management of order related issues

It is possible to order various products on our website. The related data management is described in this section.

3.3.1. Purpose of the personal data processed and data management

purpose of personal data processing

name - we can identify the customer of the product by entering the name during the execution of the order

address (postal code, city, street name, house number together) - we can send the ordered product by post to the given address

telephone number - contacting the customer and informing about the details of the order

e-mail address - contacting the customer and informing them about the details of the order

3.3.2. Legal basis for data management

Performance of a contract to which the Data Controller and the User are parties (Article 6 (1) (b) GDPR)

If the customer is a legal entity, the legal basis for the processing of the above-mentioned personal data of its contact person is the legitimate interest of the controller and the customer (Article 6 (1) (f) GDPR). It is in the legitimate interest of both parties to communicate effectively during the order process and to provide each other's designated representative with information on any material circumstances affecting the contract between us. The violation of the customer's contact person's right to information self-determination cannot be established, because it is his job or contractual obligation to facilitate communication between the parties and to provide his personal data for this purpose.

3.3.3. Duration of data management

Subject to Act V of 2013 on the Civil Code (Civil Code) 6:22. § (1), for the above purposes we store the provided personal data for 5 years after the fulfillment of the order.

3.3.4. Method of data management

In electronic form.

3.3.5. Provision of personal data

Due to the fact that we cannot fulfill the orders without knowing the personal data mentioned in this section, the provision of personal data is a precondition for concluding a contract.

3.4. Invoice data management

After the fulfillment of the orders - in accordance with Act C of 2000 on Accounting (hereinafter: the Act) - we issue an accounting document. Details of the related data management are shown below.

3.4.1. Purpose of the personal data processed and data management

purpose of personal data processing

name - supporting the accounting settlement of the execution of the order (economic event)

address / registered office of the sole proprietor (postal code, city, street name, house number together) - support for the accounting settlement of the fulfillment of the order (economic event)

 3.4.2. Legal basis for data management

Subject to legal data management (subject to Article 6 (1) (c) of the GDPR, Info tv. Section 5 (1) b) and the Act no. Section 166 (1) - (3)).

3.4.3. Duration of data management

For 8 years after the issuance of the accounting document, subject to Section 166 (6) of the Act, Section 169 (1) of the Act

3.4.4. Method of data management

In electronic form.

3.4.5. Provision of personal data

Due to the fact that we cannot issue an accounting document without knowing the personal data in this section, the provision of personal data is based on law.

3.5. Customer service data management

We maintain customer service on our Website in order to answer the Users' questions and to investigate any complaints.

3.5.1. Purpose of the personal data processed and data management

purpose of personal data processing

name - User identification

e-mail address - to provide contact and information to the User

telephone number - to provide contact and information to the User

 3.5.2. Legal basis for data management

Statutory data management; Subject to Article 6 (1) (c) and (2) of the GDPR, Info tv. Section 5 (1) (b) and the CLV of 1997 on consumer protection. Act (Fgytv.)

3.5.3. Duration of data management

Fgytv. 17 / A. § (7) for 5 years from the receipt of the complaint.

3.5.4. Method of data management

In electronic form.

3.6. Data management related to registration

It is possible to register on our website in order to take advantage of various discounts (faster ordering, recording more delivery addresses, viewing order history, tracking order status, using a wish list). Details of the related data management are shown below:

3.6.1. Purpose of the personal data processed and data management

purpose of personal data processing

name - User identification

address - providing additional information for orders

e-mail address - contact with the User

telephone number - contact with the User

password - technical operations

3.6.2. Legal basis for data management

Statutory data management; Subject to Article 6 (1) (c) and (2) of the GDPR, Info tv. Section 5 (1) b) and the Elkertv. 13 / A. § (1)

3.6.3. Duration of data management

Until deleted at the request of the User. If the User does not use his account, his profile will be deleted 5 years after the last order.

3.6.4. Method of data management

In electronic form.

3.7. Data management related to gift vouchers

On our website, Users have the opportunity to purchase and redeem gift vouchers for third parties (Recipients). Details of the related data management are shown below:

3.7.1. Purpose of the personal data processed and data management

purpose of personal data processing

User Name - Identify the user

User's e-mail address - contact with the User

Recipient Name - Identify the recipient

Recipient's e-mail address - delivery of the voucher to the Recipient

3.7.2. Legal basis for data management

With regard to the User, our data management is based on law; Subject to Article 6 (1) (c) and (2) of the GDPR, Info tv. Section 5 (1) b) and the Elkertv. 13 / A. § (1).

With regard to the Recipient, our data processing is based on various legitimate interests (Article 6 (1) (f) GDPR); we have a legitimate interest in the User successfully gifting the Recipient with the voucher. Without the knowledge of the Recipient's personal data, we would not be able to perform our service without proper information. It is also in the legitimate interest of the User that, as a result of the data processing, the Recipient designated by him / her can take advantage of the possibilities inherent in the gift voucher. As the Recipient also has a legitimate interest in benefiting from the benefits, no unjustified restriction on his right to information self-determination and privacy can be established in the context of data processing.

3.7.3. Duration of data management

The User's personal data will be deleted upon request. If the Recipient does not use the gift voucher, our personal data will be deleted 1 year after the voucher is issued.

3.7.4. Method of data management

In electronic form.

  1. What rights do Users have?

It is important to us that our data management meets the requirements of fairness, legality and transparency. In light of this, we briefly present the rights of each of the parties concerned in this section, and then explain them in more detail in Annex 3 to the prospectus.

Our user may request free information about the details of the processing of his / her personal data, as well as in cases specified by law, request their correction, deletion, blocking, or restriction of their processing, and may object to the processing of such personal data. Requests for information and requests in this section can be addressed by our User to our contact details in section 2.

4.1. Access right

Our users can receive feedback from us about the handling of their personal data and have access to this personal data and the details of their handling.

4.2. Right to rectification

At the request of our user, we will correct inaccurate personal data without undue delay, and we are entitled to request the completion of incomplete personal data, inter alia by means of an additional statement.

4.3. Right of cancellation

At the request of our user, we will delete personal data relating to him or her if we do not need to process it, or withdraw his or her consent, or object to the processing of the data, or their processing is illegal.

4.4. Right to forget

If we so request, we will try to notify all data controllers of our User's request for cancellation who have become aware of or may have become acquainted with our User's possibly disclosed data.

4.5. Right to restrict data management

At the request of our User, we restrict the data processing if the accuracy of the personal data is disputed, or the data processing is illegal, or our User objects to the data processing, or if we no longer need the provided personal data.

4.6. Right to data portability

Our user may receive the personal data concerning him / her in a structured, widely used, machine-readable format, or forward it to another data controller.

4.7. Responding to requests

The application will be examined as soon as possible after its submission, but not later than within 30 days - in case of protest - 15 days - and a decision on its merits will be made, of which the applicant will be informed in writing. If we do not comply with our User's request, we will state in our decision the factual and legal reasons for rejecting the request.

4.8. Remedies

The protection of personal data is important to us, and at the same time we respect the right of users to self-determination of information, therefore we try to respond to all requests in a correct manner and within the time limit. In view of this, we ask Dear Users to contact us - in order to make a complaint - in order to settle any disputes amicably before using any official and court claims.

If the request does not lead to a result our user

- pursuant to Act V of 2013 on the Civil Code, you can assert your rights in court (the lawsuit can also be initiated before the court competent according to the place of residence or stay of our User; the list and contact details of the courts can be viewed at the following link: http://birosag.hu /chairs), and

- to the National Data Protection and Freedom of Information Authority (address: 1125 Budapest, Szilágyi Erzsébet fasor 22 / c .; phone: + 36-1-391-1400; fax: + 36-1-391-1410; e-mail: ugyfelszolgalat@naih.hu, website: https://www.naih.hu/panaszuegyintezes-rendje.html, online case initiation: https://www.naih.hu/online-uegyinditas.html, hereinafter: NAIH) and contact you.

  1. Our application procedure

5.1. Notify recipients

We will always notify the recipients to whom or with whom the User's personal data has been communicated of rectification, deletion or data processing restrictions, unless this proves impossible or requires a disproportionate effort. At the request of the User, we will provide information about these recipients.

5.2. Method and deadline of information

We will provide information on the measures taken following the requests related to point 4 in electronic form within a maximum of one month from the receipt of the request, unless otherwise requested by the User. This period may be extended by a further two months if necessary, taking into account the complexity of the application and the number of applications. We will inform the User about the extension of the deadline, indicating the reasons, within one month from the receipt of the request.

Oral information may be provided at the request of the User, provided that he / she proves his / her identity in another way.

If we do not act on the request, we will inform the User of the reasons for this within a maximum of one month of receiving it, as well as of the fact that he may lodge a complaint with the NAIH and exercise his right of judicial appeal (Section 4.8).

5.3. Control

In exceptional cases, if we have reasonable doubts about the identity of the natural person submitting the application, we ask you to provide additional information necessary to confirm your identity. This measure is necessary to promote the confidentiality of data processing, as defined in Article 5 (1) (f) of the GDPR, ie to prevent unauthorized access to personal data.

5.4. Information and action costs

The information provided on the requests related to point 4 and the measures taken on the basis thereof shall be provided free of charge.

If the User's request is manifestly unfounded or, in particular due to its repetitive nature, excessive, we will charge a reasonable fee or refuse to act on the request, taking into account the administrative costs of providing the requested information or information or taking the requested action.

  1. Potential recipients of personal data, data processors

6.1. In connection with the operation of the Website

The hosting provider, as a data processor, has the right to access the personal data provided during the use of the Website.

Név:

SiteGround – ul. “Olimpijska” №6, 1756 g.k. Sofia park, Szófia, Bulgária

6.2. In connection with sending a newsletter

To send newsletters to the Website, there is newsletter software operated by the data processor we use. The data of the data processor are as follows:

Name: X

Contact: X

6.3. In connection with the chat service: X

6.4. In connection with the delivery of ordered products

In order to deliver the ordered products, we use courier companies as data processors. The data of the data processors are as follows:

6.4.1.

Name: X

Contact: X

6.4.2.

Name: X

Contact: X

6.5. In connection with the payment of the order fee

The order fee can be paid through the interface of a banking service provider as a data processor. The data of the data processor are as follows:

Name: X

Contact: X

6.6. In the context of social media interfaces

Our website also has several social media interfaces (e.g. Facebook, Instagram, You Tube); Thus, for example, if a User “likes” our site on Facebook or “follows” us on Instagram, we will learn about all personal information associated with their profile and available to the public. Relevant information on the data management arising on these pages can be found in the service provider's own data management policy.

6.7. In connection with the issue of an invoice

In connection with the invoicing, the tax authority is entitled to get acquainted with the personal data provided by the Users for this purpose in the course of its activities. Details of the tax authority:

Name: National Tax and Customs Administration

Website, contacts: https://www.nav.gov.hu/nav/konnectat

  1. Data security

We and the employees of the data processors have the right to get acquainted with the personal data of the User to the extent necessary for the performance of the tasks belonging to their job. We take all security, technical and organizational measures that guarantee the security of the data.

7.1. Organizational measures

We provide access to our IT systems with personal rights. The principle of “necessary and sufficient rights” applies to the allocation of access, ie all employees may use our IT systems and services only to the extent necessary for the performance of their duties, with the appropriate rights and for the required period of time. Access to IT systems and services should only be granted to a person who is not restricted for security or other reasons (eg conflicts of interest) and who has the professional, business and information security knowledge required to use it securely.

We and the data processors agree to strict confidentiality rules in a written statement and are obliged to act in accordance with these confidentiality rules in the course of our activities.

7.2. Technical measures

The data - with the exception of the data stored by our data processors - is stored on our own devices in a data center. The IT devices storing the data are stored in a separate, separate closed server room, protected by a multi-stage access control system subject to authorization control.

We protect our internal network with multi-level firewall protection. In all cases, a hardware firewall (border protection device) is located everywhere at the entry points of the public networks used. The data is stored redundantly - ie in several places - in order to protect it from destruction, loss, damage and illegal destruction due to the failure of the IT device.

We protect our internal networks from external attacks with multi-level, active protection against complex malicious code (eg virus protection). We implement the essential external access to the IT systems and databases operated by us via an encrypted data connection (VPN).

We do our best to ensure that our IT tools and software continuously comply with the generally accepted technological solutions in the operation of the market.

During our development, we develop systems in which logging can be used to control and track the operations performed, and to detect incidents, such as unauthorized access.

Our server is located on the hosting provider's separate dedicated server, protected and closed.

Taking into account the recommendation on data protection requirements for data management on the websites of NAIH parties, we use the https protocol on the website, which means a higher level of data security compared to the http protocol.

  1. Cookies

In order for our website to work properly, in some cases we place small data files on the User's computer device, similar to most modern websites.

8.1. What is a cookie?

A cookie is a small text file that the website places on the User's computer device (including mobile phones). As a result, the website can “remember” the User’s settings (e.g., language used, font size, display, etc.), so you don’t have to reset it every time you visit our website.

List of cookies used on the Website:

Source of cookie – Name of Cookie – Cookie's function – Cookie's expiration date

.youtube.com – CONSENT – YES+HU.hu+20150628-20-0 – 2038. 01.10., 8:59:59

.youtube.com – VISITOR_INFO1_LIVE – boYhEwR8A7s – 2022. április 8., csütörtök 18:49:31

.youtube.com – YSC – xviLIwLuAc0 – When browsing session ends

.youtube.com – __Secure-3PAPISID – Ncyz-kv0sQh34rKA/AdWLBO43DmLum7LDw – 2022.10.10.,16:46:52

.youtube.com – __Secure-3PSID – 2QfSN_AK3gi15oiZrsL7u-C9PEHkq0EMWnM0cNStxDConaCM1OP9yQv-wV6ss4QjIao4tQ.                – 2022.10.10., 16:46:52

zeitlerphoto.hu – icegram_campaign_clicked_1608 – 1 – 2022. október 13., kedd 2:00:02

zeitlerphoto.hu – icegram_campaign_shown_1855 – 1 – 2022. október 13., kedd 2:00:02

zeitlerphoto.hu – icegram_campaign_shown_1859 – 1 – 2022. október 13., kedd 2:00:02

zeitlerphoto.hu – _ga – GA1.1.237683441.1603636048 – 2022.10.25., 19:35:06

zeitlerphoto.hu – _ga_DZH1LRXFGM – GS1.1.1603645131.2.1.1603647306.0 – 2022.10.25., 19:35:06

These cookies can be deleted or blocked, but in this case the Website may not work properly.

We do not use cookies to personally identify the User. These cookies are for the purposes described above only.

8.2. Google Analytics

  1. The Website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses so-called "cookies", which are text files placed on your computer, to help the website analyze how users use the site.
  2. Information generated by cookies associated with a website used by a User is typically stored and stored on a Google server in the United States. By activating IP anonymization on the Website, Google will shorten the User's IP address within the Member States of the European Union or in other States party to the Agreement on the European Economic Area.
  3. The full IP address will be transmitted to and truncated to Google's server in the U.S. only in exceptional cases. On our behalf, Google will use this information to evaluate how the User has used the Website and to provide us with reports relating to website activity and to provide additional services relating to website and internet usage.
  4. Google Analytics does not reconcile the IP address transmitted by the User's browser with other Google data. The User may prevent the storage of cookies by setting their browser properly, however, please note that in this case, not all functions of this website may be fully available. You may also prevent Google from collecting and processing your information about your use of the Website (including your IP address) by cookies by downloading and installing the browser plugin available at the following link. https://tools.google.com/dlpage/gaoptout?hl=h

8.3. How are cookies handled?

Cookies can be deleted (see www.AllAboutCookies.org for details) or blocked by most browsers today. In this case, however, when using our website, certain settings will need to be reconfigured each time and certain services may not work.

Detailed information on deleting and blocking cookies can be found at www.AllAboutCookies.org (in English) and on the browser used by the User at the following links:

  • Firefox – https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
  • Google Chrome – https://support.google.com/chrome/answer/95647
  • Microsoft Internet Explorer 11 – https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies#ie=ie-11
  • Safari 8 – https://support.apple.com/hu-hu/guide/safari/sfri11471/mac
  • Safari 6/7 – https://support.apple.com/hu-hu/guide/safari/sfri11471/mac
  • Opera – https://help.opera.com/en/latest/web-preferences/#cookies
  1. Other provisions

9.1. Data collection on activity

We may collect data about the activity of the Users, which cannot be combined with other data provided by the User during registration, or with data generated when using other websites or services.

9.2. Data management for different purposes

If we intend to use the provided data for a purpose other than the purpose of the original data collection, we will inform the Users about this and obtain their prior, express consent, or provide them with the opportunity to prohibit the use.

9.3. Obligation to register

We keep a record of the data management activities carried out under our responsibility (data management activity record) in accordance with Article 30 of the GDPR.

9.4. Privacy incident

A data protection incident is a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data processed. In the event of a data protection incident, we are obliged to act in accordance with Articles 33 and 34 of the GDPR. We record data protection incidents, indicating the facts related to the data protection incident, its effects and the measures taken to remedy it.

9.5. Amendment

We have the right to unilaterally amend this Prospectus at any time.

Applicable from: 2020. 10. 12.

Zeitler Photo

Data controller

  1. Annex

Relevant legislation

In preparing the Prospectus, the Data Controller has taken into account the relevant applicable legislation and the most important international recommendations, in particular the following:

- Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (GDPR)

- Act CXII of 2011 on the right to information self-determination and freedom of information. Act CXII of 2011 Act (Infotv.);

- Act V of 2013 on the Civil Code (Civil Code);

- Act CXXX of 2016 on the Code of Civil Procedure. law (Pp);

- Act C of 2000 on Accounting (Act on Accounting);

- CLV of 1997 on consumer protection. Act (Fgytv.);

- Act CVIII of 2001 on certain aspects of electronic commerce services and information society services. Act (Elkertv.)

  1. Annex

Concepts related to the processing of personal data

- data controller: the legal person who determines the purposes and means of the processing of personal data;

- data management: any operation or set of operations on personal data or data files, whether automated or non-automated, such as collection, recording, systematisation, segmentation, storage, transformation or alteration, retrieval, consultation, use, communication, transmission, distribution or otherwise harmonization or interconnection, restriction, deletion or destruction;

- data transfer: making the data available to a specific third party;

- erasure of data: making the data unrecognizable in such a way that it is no longer possible to recover them;

- data designation: the identification of the data in order to distinguish it;

- Restriction of data processing: marking of stored personal data in order to limit their future processing;

- data destruction: complete physical destruction of the data carrier;

- data processor: the legal person that processes personal data on behalf of the controller;

- recipient: any natural or legal person, public authority, agency or any other body to whom personal data are disclosed, whether a third party or not;

- cookie: a small data packet (text file) sent by the web server and placed on the user's computer for a specified period of time, which, depending on its nature, can be supplemented by the server on new visits, ie if the browser returns a previously saved cookie to the cookie provider you have the option to link the user's current visit to previous ones, but only for their own content;

- data subject / user: an identified or identifiable natural person; identify a natural person who, directly or indirectly, in particular on the basis of an identifier such as name, number, location, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable;

- third party: any natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or persons who have been authorized to process personal data under the direct control of the controller or processor;

- the data subject's consent: a voluntary, specific and well-informed and unambiguous statement of the data subject's consent to indicate his or her consent to the processing of personal data concerning him or her, by means of a statement or an unequivocal statement of confirmation;

- IP address: in all networks in which communication takes place according to the TCP / IP protocol, the server machines have an IP address, ie an identification number, which enables the identification of the given machines via the network. It is known that every computer connected to a network has an IP address through which it can be identified.

- personal data: any information about the data subject .;

- protest: a statement by the data subject objecting to the processing of his or her personal data and requesting the termination of the processing or the deletion of the processed data.

  1. Annex

Rights concerned

Access

The User is entitled to have access to the personal data processed by us upon his / her request - submitted at one of our contact details. As part of this, the User will be informed about the following:

- whether your personal data is being processed;

- the purposes of data management;

- the categories of personal data concerned;

- the recipients or categories of recipients to whom or with whom the personal data have been or will be communicated;

- the intended duration of the storage of personal data;

– rights;

- legal remedies;

- information on data sources.

The User may also request the provision of a copy of the personal data that is the subject of data management. In this case, the personal data will be provided in a structured, widely used, computer-readable format (PDF / XML) or in a printed version on paper. Requesting a copy is free.

Rectification

Based on the request submitted through our contact details, the User is entitled to request the correction of inaccurate personal data processed by us and the supplementation of incomplete data. If we do not have the information necessary to clarify or supplement the untrue information, we may request the submission of this additional data and the verification of the accuracy of the data. Until the data can be clarified or supplemented - in the absence of additional information - we will restrict the processing of the personal data concerned, and the operations performed on them - with the exception of storage - will be temporarily suspended.

Deletion

Based on the request submitted through our contact details, the User is entitled to request the deletion of the personal data processed by us, if any of the following conditions exist:

- we no longer need the data;

- we have concerns about the lawfulness of the processing of your data by us.

If, following the User's request, we determine that there is an obligation to delete the personal data we process, we will terminate the processing of the data and destroy the previously processed personal data. In addition, the obligation to delete personal data may be based on the withdrawal of consent, the exercise of the right to protest and legal obligations.

Restrictions on data management

Based on the request submitted through our contact details, the User is entitled to request a restriction on the processing of personal data processed by us in the following cases:

- is concerned about the lawfulness of the processing of personal data we process about him/her and calls for a restriction instead of deleting the data;

- we no longer need the data, but the User requests it to submit, enforce or protect legal claims.

We automatically restrict the processing of personal data in the event that the User disputes the accuracy of the personal data or if the User exercises the right to object. In this case, the restriction shall apply for a period which allows the accuracy of the personal data to be verified or, in the event of an objection, to establish whether the conditions for continuing the processing exist.

During the restriction period, no data management operations may be performed on the marked personal data, only the data may be stored. Personal data may only be processed in the following cases if data processing is restricted:

- with the consent of the data subject;

- filing, asserting or defending legal claims;

- protection of the rights of another natural or legal person;

- Important public interest.

Users will be notified in advance of the lifting of the restriction.

Data portability

Based on the request submitted through our contact details, the User is entitled to request the provision of the personal data processed by us concerning him / her in order to further use them specified by the User. In addition, the User may request that our personal data be transferred to another data controller designated by him.

This right is limited only to the personal data provided to us by the User and processed in order to fulfill his contract. There is no possibility of other data portability. We provide personal data to the User on a paper basis in a structured, widely used, computer-readable format (PDF / XML) and in its printed version.

We inform the User that the exercise of this right does not automatically lead to the deletion of personal data from our systems. In addition, the User is entitled to contact or keep in touch with us again after the transfer of the data.

Protest

The User may, at any time, object to the processing of his personal data for the purpose of registration, based on a request submitted through our contact details. In this case, the Data Controller examines whether the data processing is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the User, or which are related to the submission, enforcement or protection of legal claims. If we find that such reasons exist, we will continue to process your personal data. Otherwise, personal data will no longer be processed.

Zeitler Photo